Many websites, services, and applications implement various data protection techniques. For instance, an entity within a trusted domain may encrypt or tokenize data, and may provide the protected data to an entity outside of the trusted domain. Entities outside a trusted domain, such as cloud service providers, clients coupled to trusted network, applications running on a device outside of a device trusted domain, and the like can provide data services that require the performance of various data operations on unprotected data. However, providing the unprotected data to the entity outside of the trusted domain exposes the data to potential mis-use by the entity, interception by an unauthorized entity, or any number of other security threats.
The figures (Figs.) depict embodiments for purposes of illustration only. One skilled in the art will readily recognize from the following description that alternative embodiments of the structures and methods illustrated herein can be employed without departing from the principles of the invention described herein.